Information security is the practice of protecting computer and network systems from damage or disruption caused by unauthorized access, use, disclosure, disruption, modification, or destruction of data. Information security may also include preventing and detecting malicious intent by network users as well as identifying and responding to potential vulnerabilities in software applications against which exploitation could occur.
In general terms, information security includes identification, risk management, and prevention against both internal (e.g., within an organization) and external (e.g., via the Internet) threats.
Communications and information systems security (CIS or CISS) focuses on ensuring the confidentiality, integrity, and availability of data in transit, at rest, and in use. CIS protects the authenticity of data, the integrity of system resources, and the availability of communication networks. The mechanisms provided by CIS complement physical protection measures such as fencing and surveillance.
The CIS Security Continuum (a framework of security concepts) is designed to assist in understanding how information systems operate and to present their potential vulnerabilities. It is a taxonomy that structures elements of information security into a hierarchy of controls. The principle behind the CIS Security Continuum is that protection mechanisms are categorized as either preventive or detective, based upon whether they prevent security incidents from occurring or detect them after they have occurred.
In modern-day business, we see organizations investing heavily in protecting their physical infrastructure, such as buildings and data centers, with very little emphasis on the "people" aspect of the business. In today's evolving threat landscape, organizations need to ensure they remain up to date with changing regulations and new threats.
Have you ever thought about how network systems are protected? This task is held by information security analysts, or logicians, who are responsible for designing and building systems and procedures to protect data confidentiality, integrity, and availability. These individuals help organizations prevent cybercrime by establishing information security policies. Moreover, they help identify vulnerabilities in technology systems using computer engineering techniques such as penetration testing.
Information security analysts are also known as information security engineers or information security technicians and are employed by companies that have experienced a data breach or had information stolen through hacking (computer crime). These workers test networks and perform risk assessments to act when a breach occurs. The work of these individuals is essential because they evaluate whether computer systems need to be revamped or rebuilt using technological advances such as computer forensic analysis, network changes, and increased policies to prevent future incidents.
Information security analysts also ensure that internal company computer systems are protected from viruses and spam. They evaluate the performance of computer programs, such as operating systems and applications, to know whether they can be upgraded or replaced to meet new threats. They also develop information security policies to help prevent future breaches or hacks by giving employees guidelines on acceptable computer usage within the corporate network and Internet-connected devices. Information security analysts can work for private and public sector organizations.
Information Security Analysts employed by the government hold positions designated as either “information assurance analysts” (IAA) or “cybersecurity analysts” (CSA). The National Security Agency currently employs a large number of information assurance analysts. Information assurance analysts are essentially in the same career field as cybersecurity analysts, but they usually hold more advanced positions such as technical director or team lead. However, the primary difference between the two is that cybersecurity analysts generally work for private sector organizations and perform their duties with a greater focus on operating systems and software vulnerabilities, while information assurance analysts are employed by private or public sector agencies and spend more time evaluating hardware vulnerabilities and cryptographic protocols.
Information security analysts work in various industries such as insurance, health care, retail, manufacturing, finance, transportation, and government. They can also work for the federal government or private sector. The career has an international outlook, with salaries that vary according to experience level and country. The average salary for an information security analyst is $80,000 per year in the United States, and the best ones can reach $120,000 per year.
In review, information security analysts protect information systems and databases and keep them up to date. We may not pay attention to that, but their work is essential, whether in maintaining high security standards or solving security issues; they are the men behind the scenes.